Adobe Patches Nearly 140 Vulnerabilities

Adobe Patches Nearly 140 Vulnerabilities

Posted on By CWS

Adobe on Tuesday introduced the rollout of patches for practically 140 vulnerabilities throughout its merchandise, together with critical-severity bugs in ColdFusion and Expertise Supervisor.

ColdFusion obtained fixes for 12 safety defects, most of which may very well be exploited for arbitrary code execution.

Probably the most extreme of those are CVE-2025-61808, CVE-2025-61809, and CVE-2025-61830 (CVSS rating of 9.1), described as unrestricted harmful file add, improper enter validation, and deserialization of untrusted knowledge, respectively.

Fixes for all 12 bugs had been included in ColdFusion 2025 replace 5, ColdFusion 2023 replace 7, and ColdFusion 2021 replace 23.

This month, Expertise Supervisor (AEM) obtained fixes for 117 vulnerabilities, 116 of that are cross-site scripting (XSS) flaws, together with two critical-severity bugs, tracked as CVE-2025-64537 and CVE-2025-64539 (CVSS rating of 9.3).

The remaining 114 XSS points are medium-severity bugs. The replace additionally resolves a high-severity defect described as dependency on a susceptible third-party element.

AEM Cloud Service launch 2025.12 and AEM variations 6.5 LTS SP1 (GRANITE-61551 Hotfix) and 6.5.24 resolve all safety defects.

Adobe has slapped a precedence score of ‘1’ on each the ColdFusion and AEM updates, urging customers to use the fixes as quickly as attainable.Commercial. Scroll to proceed studying.

On Tuesday, the corporate additionally introduced fixes for 2 high- and two medium-severity safety holes within the DNG SDK, two high- and two low-severity points in Acrobat and Reader, and one medium-severity flaw in Inventive Cloud Desktop for macOS.

Adobe says it isn’t conscious of any of those vulnerabilities being exploited within the wild. Further info may be discovered on the corporate’s safety advisories web page.

Associated: Adobe Patches 29 Vulnerabilities

Associated: Exploitation of Vital Adobe Commerce Flaw Places Many eCommerce Websites at Threat

Associated: Organizations Warned of Exploited Adobe AEM Types Vulnerability

Associated: Adobe Patches Vital Vulnerability in Join Collaboration Suite

Security Week News Tags:, ,

Related Posts

Medtronic Confirms Breach Amid ShinyHunters Threat Medtronic Confirms Breach Amid ShinyHunters Threat Security Week News
In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs Security Week News
Cyberattack on JLR Prompts £1.5 Billion UK Government Intervention Cyberattack on JLR Prompts £1.5 Billion UK Government Intervention Security Week News
Vulnerability Exposes Data Leaks in Moltbook AI Network Vulnerability Exposes Data Leaks in Moltbook AI Network Security Week News
Salesforce Instances Hacked via Gainsight Integrations Salesforce Instances Hacked via Gainsight Integrations Security Week News
VMScape: Academics Break Cloud Isolation With New Spectre Attack VMScape: Academics Break Cloud Isolation With New Spectre Attack Security Week News